Theresa May�s proposals to track Internet users

I have heard various descriptions of the Theresa May proposals but they are all different.

Does anyone know what the proposals areally are?

http://www.theguardian.com/technology/2014/nov/23/li...

I think it's a cunning plan to make ISPs realise that identifying users is much easier if they issue static IPs, and as there aren't enough to go around they'll accelerate the take-up of IPv6

... as there aren't enough to go around they'll accelerate the take-up of IPv6

I like it!

I think this BBC report is closer than that nonsense report from the Guardian http://www.bbc.co.uk/news/uk-politics-30166477

Wouldnt a terrorist or a pedophile wanting to hide their IP address just use TOR or something anyway?

thats exactly why this is sinister, they want all traffic easily accessable there can be no reason to expect that anyone doing anything really wrong wouldnt use readily available tools to protect their identity and personal details, big brother is not satisfied with selling us no tax discs and car tracking they want more details about everything, soon we wont need to vote they will be able to have "an election "by ip address and tracking of political sites visited, hmmmm maybe we dont need elections after all..??

I finally got around to watching Captain America Winter Soldier last night. Your post very much reminds me of that - a dystopian future where the information collected tells you who is a potential threat for the future (and this obviously isn't the first film/book to use this premise).

I am not sure if it extends to mobile network - these are pretty much all sharing a small pool of public IP addresses so not sure how far the mobile networks have to identify the traffic coming from an individual handset/device. Given how quickly mobile is taking over as the way to get content then presumably they have thought of this (although that may be giving them too much credit).

As someone who isn't a terrorist ect, i have a problem with government wishing to spy on my online activities As i belive that is my right to privacy, the government should stop it's meddling and keep it's power hungry beak well and truly out of the buisness of law abiding public

But how do the government know you aren't a terrorist. I suspect most terrorists would say they aren't otherwise it would be pretty easy to find them...

The Government are quick to use the "help fight terrorism" card when trying to pass new laws, when in reality its just an excuse so they can keep closer eye on everyone

In reply to a post by tommy45:

As someone who isn't a terrorist ect, i have a problem with government wishing to spy on my online activities As i belive that is my right to privacy, the government should stop it's meddling and keep it's power hungry beak well and truly out of the buisness of law abiding public

Easy solution: use a VPN such as AirVPN which does not keep any logs of your online activities.

In a speech by Theresa May she has just said 'require Internet Providers to retain IP records'

Sounds like what I thought most did anyway and how providers have been able to provide the matching of Copyright Infringement requests to users accounts.

Clearly need to see the actual wording of the bill and waiting for that before it goes into the news, as seen so many versions at the weekend.

In reply to a post by bobble_bob:

The Government are quick to use the "help fight terrorism" card when trying to pass new laws, when in reality its just an excuse so they can keep closer eye on everyone

For what purpose?

Who knows, but ID cards, logging IP addresses were all ideas that were meant to improve security but clearly wont do anything. Anyone who wants to remain anonymous can if they try hard enough.

By using such things you might, ironically, attract attention. As anybody who has read anything about Bletchley Park will know, it's not necessary to decrypt messages to gain valuable intellligence. That very pattern of access can be enough to bring yourself to the attention of the authorities.

One of the concerns of the intelligence community is that the paranoia over this will prompt lots of people to use such mechanisms. They rely on most not to bother, so the population of those that do is small and can be used to correlate with other intelligence sources.

Frankly, most of the stuff people do is of utterly no interest save to somebody trying to sell you something. It's almost a vanity subject. I recall back in the 1980s nobody considered themselves important unless they could claim their phone was being tapped.

In reply to a post by bobble_bob:

Who knows, but ID cards, logging IP addresses were all ideas that were meant to improve security but clearly wont do anything. Anyone who wants to remain anonymous can if they try hard enough.

So you think that the Government wants to "keep closer eye on everyone", but have absolutely no idea as to why?

Personally I think any Government has a duty to protect its' citizens, and I fail to see what May is proposing is in any way some kind of 1984 scenario, it is just making catching criminals a little bit easier possibly.

As you say it is possible to remain anonymous, but some criminals won't be aware of that, and anything that helps get criminals off our streets and into prison is OK by me.

They are control freaks, and they tell porkies about terrorist activity to keep the sheeple scared who just except the erosion of our rights to privacy , if you ain't breaking any laws then what you do on the internet has absolutely nothing to do with the idiots in government they IMO have no legal right to intercept data Unless you are a terrorist suspect, even then they would /should have to justify spying on them with evidence to support their actions, otherwise we will see lots of cases of abuse of power when will the people actually wake up to what is really going on?

Edited by tommy45 (Mon 24-Nov-14 16:24:18)

In reply to a post by tommy45:

They are control freaks,

Ahhh I see. The good old "control freaks" nonsense. What exactly would be the purpose of this "control freakery"?

In reply to a post by tommy45:

and they tell porkies about terrorist activity to keep the sheeple scared who just except the erosion of our rights to privacy,

Got any actual examples of any of these "porkies" us "sheeple" have been told?

In reply to a post by tommy45:

if you ain't breaking any laws then what you do on the internet has absolutely nothing to do with the idiots in government they IMO have no legal right to intercept data Unless you are a terrorist suspect,

Do terrorists send the police emails to let them know who to check out?

In reply to a post by tommy45:

otherwise we will see lots of cases of abuse of power when will the people actually wake up to what is really going on?

So "what is really going on"?

In reply to a post by MrSaffron:

In a speech by Theresa May she has just said 'require Internet Providers to retain IP records'

If the ISPs just have to record details of their IP address allocations, that does sound pratical, which is more than can be said for many of the proposals I have seen and heard in the press.

If you go anywhere by car you will be spotted by some camera checking that you have paid your road fund licence. If you go by train there are also many cameras. I suspect that if I wanted to go poaching which I could by foot, then things probably have not changed much.

Edited by Michael_Chare (Mon 24-Nov-14 22:02:24)

In reply to a post by Michael_Chare:

If you go by train there are alos many trains. I suspect that if I wanted to go poaching which I could by foot, then things probably have not changed much.

???

Thanks, I have corrected my post.

One thing that appears to have been ovelooked entirely is CGNAT.

Whilst ISPs hand out individual IPs to customers in a quasi-static manner, i.e. your IP address may change if you disconnect and reconnect your modem / session, the amount of data to record is minimal (as it doesn't change frequently) and easily obtainable (from their RADIUS or DHCP servers).

However with CGNAT your source IP address as seen by the internet will change frequently, potentially with every single TCP connection opened, which will generate vast amounts of data. It is possible for routing equipment to generate this data, but logging it will add expense to ISPs, especially smaller ones.

I think you have that wrong - your source IP address won't change frequently, but many users will have the same IP address I believe.

On a similar vein, something I raised when CG-NAT was discussed previously was how copyright holders would identify infringing uploaders; they can obtain an IP address from a torrent swarm, but under CG-NAT that will no longer uniquely identify a user.

In reply to a post by MCM:

... as there aren't enough to go around they'll accelerate the take-up of IPv6

I like it!

I'm not sure if that will help them. It might make things worse. By default Windows at least changes the private IPv6 address every 5 seconds unless told otherwise(*). Of course it'll come from the same IP block but good luck tracking specific IP requests back to a login if it's a communal network.

(*)netsh interface ipv6 set privacy regeneratetime=???

Edited by Andrue (Tue 25-Nov-14 15:09:39)

You're taking the idea rather more seriously than I intended

It will depend on the NAT implementation - if when your DSL connection is establish you are assigned a source address shared with a few others the change would be infrequent, however the ISP router may use connection tracking and only stick with one source address whilst connections are active leading to more frequent changes.

Indeed, infringement claims typically specify source address, port and time to the second, so every NAT mapping and the precise time it exists for would have to be recorded to identify the user.

You can track the IPv6/MAC address bindings on the local subnet (NDPMon, or similar, or the router if it has the functionality), and if you are controlling network access (802.1x for wired, or WPA/WPA for wireless with individual username and password rather than pre-shared key), you have the MAC/user association so you can determine which user was using any IPv6 address - however this is only possible locally.